[Python-Dev] Is core dump always a bug? Advice requested

Bob Ippolito bob at redivi.com
Tue May 11 00:49:37 EDT 2004


On May 11, 2004, at 12:20 AM, Greg Ewing wrote:

> Guido:
>
>>> As long as it's possible to attempt to execute arbitrary strings
>>> as bytecode, I'd say ceval should be robust against this.
>>
>> This ought to be a long-term project then: write a bytecode verifier.
>> It's not a trivial task!
>
> When I wrote that, I was assuming that ceval was already mostly robust
> in this respect, and that what was being reported was a new hole
> recently opened up.
>
> But it appears I was gravely mistaken, and that ceval has been full of
> gaping holes from the beginning.
>
> I'm disappointed to learn this, because I had always regarded it as an
> axiom that no Python-level code should be capable of crashing the
> interpreter, and if it can, this represents a bug. However, it seems
> this axiom has not been adhered to in the design of ceval.

Well with modules like ctypes and PyObjC becoming more common, it's 
pretty easy to make the interpreter crash whenever you really want it 
to :)

Python is no Java, there's not even a real attempt to bake security 
into it.. only good programming practices.  Doing extensive checking of 
bytecode at runtime would make Python's interpreter much slower than it 
already is.  I can't imagine that someone with a real need for mangling 
bytecode is going to need their hand held here.  In most cases such a 
person is probably already pretty familiar with the VM at the CPython 
implementation level anyways (since it's not really documented 
elsewhere, as far as I know).

As far as bytecode verification goes, I would imagine that running it 
through PyPy might be good enough to see if it's sane (assuming PyPy 
supports the same bytecode in a similar enough way).

-bob




More information about the Python-Dev mailing list